Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3f88a820 authored by Fenil Panwala's avatar Fenil Panwala Committed by Sumangala P
Browse files

memshare: Prevent possible integer overflow 



Prevent possible integer overflow by sanitizing the alloc request
size coming from the client against allottable amount of memory.

Change-Id: I63241c464dc6fcfac8e131d3d3b9f639a93de5bd
Signed-off-by: default avatarFenil Panwala <quic_fpanwala@quicinc.com>
Signed-off-by: default avatarMadhab Sharma <quic_madhshar@quicinc.com>
(cherry picked from commit 960ef50b)
parent efd58800

drivers/soc/qcom/memshare/msm_memshare.c

+6 −3
Original line number Diff line number Diff line 
// SPDX-License-Identifier: GPL-2.0-only

/* Copyright (c) 2013-2020, The Linux Foundation. All rights reserved.

 * Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved.

 * Copyright (c) 2022-2023 Qualcomm Innovation Center, Inc. All rights reserved.

 */



#include <linux/err.h>
@@ -481,8 +481,11 @@ static void handle_alloc_generic_req(struct qmi_handle *handle, 
		return;

	}



	if (!memblock[client_id].allotted) {

		if (memblock[client_id].guard_band && alloc_req->num_bytes > 0)

	if (!memblock[client_id].allotted && alloc_req->num_bytes > 0) {

		if (alloc_req->num_bytes > memblock[client_id].init_size)

			alloc_req->num_bytes = memblock[client_id].init_size;



		if (memblock[client_id].guard_band)

			size = alloc_req->num_bytes + MEMSHARE_GUARD_BYTES;

		else

			size = alloc_req->num_bytes;